Termed Employee Access Into PeopleSoft

Hello All,
My firm's current security configuration is as follows: User passwords are stored in Active Directory; when logging into the application, LDAP is verified and access is granted (AD UN is the same as PS). Our PS password controls are disabled since we are using a directory service for management of user accounts.
With the implementation of ePay, the business would like to have termed/retired users continue to access the system to get Direct Deposit info and eventually W2's. Our current AD structure cannot support leaving accounts unlocked (mail not archived, security not necessarily managed through groups, etc). So the business wants to employ a custom application allowing users who are termed to have their password set at the Maintain Security > User Profile level, then assigning a "Former User" role via Dynamic Security, and then allowing them to access "Change My Password" via page level security since that functionality is disabled for all active users.
My question: I tried to use the Change Password in my environment, however the change was not made. Is there SignOn PeopleCode that needs to be changed to recognize the submission? Do the password controls need to be enabled for this functionality to work? Also, do any of your firms cater to termed employees, using LDAP & PS? If so, any thoughts on challenges you faced?
I appreciate any insight - thanks!

If I recall correctly, you need to check to see if you even have the user account passwords available as a valid authentication method in your signon PC. If you don't have this enabled, then you will never be able to log in if they don't have a valid AD account. I've seen an implementation where LDAP authentication was checked first, then the PS user p/w was checked after that. This had to be set up to allow admin accounts to work in PS that weren't Active Directory entries.
Once that works, then you can set every active employee p/w in PS to a random hash string (just don't wipe out your admin p/ws!). Once an employee leaves:
1. reset the p/w to something reasonable to read and mail it to them with instructions to log in and change it.
2. Alter their role security to a 'termed employee' state.
HTH
John
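
The sign-on order John describes (LDAP first, then the locally stored password), as an added example that is not part of the thread and is not PeopleSoft or PeopleCode: a Python model showing why active employees need an unknowable local password once the fallback is enabled. Every user ID, password, role name and function name here is constructed for the illustration.

```python
import hashlib, hmac, secrets

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_profile(role, password=None):
    # password=None models "set the p/w to a random string": nobody knows it.
    salt = secrets.token_bytes(16)
    pw = password if password is not None else secrets.token_urlsafe(32)
    return {"role": role, "salt": salt, "hash": hash_pw(pw, salt)}

# Constructed directory state: user -> (AD password, account enabled)
DIRECTORY = {
    "asmith": ("ad-secret-1", True),    # active employee
    "bjones": ("ad-secret-2", False),   # termed, AD account disabled
}

# Constructed local user profiles (the fallback credential store)
PROFILES = {
    "asmith": make_profile("Employee"),                       # random, unusable
    "bjones": make_profile("Former User", "Temp-4821-maple"), # reset on exit
    "psadmin": make_profile("Admin", "admin-local-pw"),       # no AD entry
}

def ldap_bind(user, password):
    entry = DIRECTORY.get(user)
    if entry is None or not entry[1]:
        return False                     # unknown or disabled directory account
    return hmac.compare_digest(entry[0].encode(), password.encode())

def local_check(user, password):
    p = PROFILES.get(user)
    if p is None:
        return False
    return hmac.compare_digest(p["hash"], hash_pw(password, p["salt"]))

def sign_on(user, password):
    """Return (method, role): LDAP is tried first, local password second."""
    role = PROFILES.get(user, {}).get("role")
    if ldap_bind(user, password):
        return ("ldap", role)
    if local_check(user, password):
        return ("local", role)
    return ("denied", None)
```

In this model the termed user's old directory password no longer works, the reset local password maps to the restricted role, and an active employee has no local password anyone can present if their directory account is later disabled.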